redirect to malicious url

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Locked
a-g
Joomla! Fledgling
Posts: 1
Joined: Fri Oct 10, 2014 4:35 am

redirect to malicious url

Post by a-g » Fri Oct 10, 2014 5:52 am

Hi,
I have a problem with loading the site; it is too slow, and I found the site letcaro.x24 hr.com that loads in my web site, and I don't know where it is. In view page source it is: <script src="//letcaro. x24hr. com/js/couter.js?ver=1.2.7" type="text/javascript"></script>
On mobile the website often redirects to other sites, but on other devices letcaro only comes up while loading, and the site loads with a delay.
I didn't find where the code relating to letcaro is.
The FPA report is: [removed]
Please help us, it is too complex for me.
Last edited by mandville on Wed Oct 15, 2014 10:30 am, edited 3 times in total.
Reason: retitled no urls in post title. broke link

cmshelplive
Joomla! Enthusiast
Posts: 171
Joined: Thu Dec 09, 2010 9:52 am
Location: United States

Re: redirect to letcaro.x24hr.com

Post by cmshelplive » Wed Oct 15, 2014 9:28 am

Your site seems to have security concerns.

Start here:
http://forum.joomla.org/viewtopic.php?f=621&t=582854

Keeping Joomla and corresponding site elements upgraded always helps your site to stay clean.
Joomla Forum Support | CMSHelpLive
Support Site: http://joomla.cmshelplive.com/get-help.html
Facebook: https://www.facebook.com/CMSHelpLive

mandville
Joomla! Master
Posts: 14781
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: redirect to malicious url

Post by mandville » Wed Oct 15, 2014 10:31 am

Reload the site from backup and follow the FPA instructions properly.
HU2HY- Poor questions = Poor answer
Unrequested Help PMs will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

peter_sucuri
Joomla! Fledgling
Posts: 1
Joined: Thu Nov 27, 2014 3:57 pm

Re: redirect to malicious url

Post by peter_sucuri » Thu Nov 27, 2014 4:04 pm

Hi there,

Maybe you already fixed this problem, but just in case: right now, I'm researching a similar/same issue for one of our clients, and I recommend checking the following files:

/libraries/joomla/document/html/renderer/head.php
/libraries/joomla/session/session.php

In the case I'm working on, these files were infected and the malicious script was loaded exactly from head.php - search for $document->_scripts[gzuncompress(base64_decode('eJzT1.. etc. Maybe on your site it will be in another file, but at least you might know what to focus on.

Good luck!

--
Peter Gramantik
Sr. Malware Researcher | Sucuri, Inc.
http://sucuri.net
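
The search suggested in the post above, as an added example (not code from the thread or from Sucuri): it walks a site tree for PHP files containing a gzuncompress(base64_decode('...')) wrapper and statically decodes each literal, so the injected script URL can be read without executing any PHP. The sample tree, the `injected.example` URL, the rest of the sample line and all function names are constructed for illustration.

```python
import base64
import re
import tempfile
import zlib
from pathlib import Path

# Matches gzuncompress(base64_decode('...')) and captures the quoted literal.
WRAPPED = re.compile(
    r"gzuncompress\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)"
)

def decode_literal(b64_text):
    """Statically undo the wrapper; return None if the literal is not valid zlib data."""
    try:
        raw = base64.b64decode("".join(b64_text.split()), validate=True)
        # PHP gzuncompress() reads zlib (RFC 1950) data, as zlib.decompress() does.
        return zlib.decompress(raw).decode("utf-8", errors="replace")
    except (ValueError, zlib.error):
        return None

def scan_tree(root):
    """Return (relative path, line number, decoded text) for every wrapped literal."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for match in WRAPPED.finditer(text):
            line_no = text.count("\n", 0, match.start()) + 1
            findings.append((path.relative_to(root).as_posix(), line_no,
                             decode_literal(match.group(2))))
    return findings

def build_constructed_site(root):
    """Constructed sample tree: one clean file, one with a wrapped script key."""
    url = "//injected.example/js/counter.js"  # constructed placeholder, not a real IoC
    blob = base64.b64encode(zlib.compress(url.encode())).decode()
    head = Path(root, "libraries/joomla/document/html/renderer/head.php")
    head.parent.mkdir(parents=True)
    head.write_text("<?php\n// renderer\n"
                    "$document->_scripts[gzuncompress(base64_decode('%s'))] = array();\n" % blob)
    Path(root, "index.php").write_text("<?php\necho 'clean';\n")
    return url

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_constructed_site(site)
        for rel, line_no, decoded in scan_tree(site):
            print(f"{rel}:{line_no}: decodes to {decoded!r}")
```

A result whose decoded text is None still marks a wrapped literal worth reviewing by hand; it only means the data was not plain zlib.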

